feat: integrate docker install method

rolehippie · Dec 8, 2022 · 1053bec · 1053bec
1 parent 370fa35
commit 1053bec
Show file tree

Hide file tree

Showing 7 changed files with 252 additions and 38 deletions.
diff --git a/.github/settings.yml b/.github/settings.yml
@@ -6,7 +6,6 @@ repository:
 
   private: false
   has_issues: true
-  has_projects: false
   has_wiki: false
   has_downloads: false
 
@@ -16,6 +15,12 @@ repository:
   allow_merge_commit: true
   allow_rebase_merge: true
 
+  allow_update_branch: true
+  allow_auto_merge: true
+  delete_branch_on_merge: true
+  enable_automated_security_fixes: true
+  enable_vulnerability_alerts: true
+
 labels:
   - name: bug
     color: d73a4a
@@ -54,12 +59,20 @@ labels:
 branches:
   - name: master
     protection:
+      required_pull_request_reviews: null
       required_status_checks:
         strict: true
-        contexts: []
+        contexts:
+          - linting
+          - testing
       enforce_admins: false
       restrictions:
+        apps:
+          - renovate
         users: []
-        teams: []
+        teams:
+          - admins
+          - bots
+          - members
 
 ...
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,12 +1,70 @@
 # Standards: 1.2
 ---
+# @var prometheus_installation:description: Select installation method, could be native or docker
+prometheus_installation: native
+
 # @var prometheus_version:description: Version of the release to install
 # renovate: datasource=github-releases depName=prometheus/prometheus
 prometheus_version: 2.40.5
 
 # @var prometheus_download:description: URL to the archive of the release to install
 prometheus_download: "https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz"
 
+# @var prometheus_image:description: Docker image to use for deployment
+prometheus_image: "quay.io/prometheus/prometheus:v{{ prometheus_version }}"
+
+# @var prometheus_network:description: Optional docker network to attach
+prometheus_network:
+
+# @var prometheus_default_publish:description: List of default port publishing for docker
+# @var prometheus_default_publish:example: >
+# prometheus_default_publish:
+#   - 127.0.0.1:9090:9090
+# @end
+prometheus_default_publish: []
+
+# @var prometheus_extra_publish:description: List of extra port publishing for docker
+# @var prometheus_extra_publish:example: >
+# prometheus_extra_publish:
+#   - 127.0.0.1:9000:9000
+# @end
+prometheus_extra_publish: []
+
+# @var prometheus_default_labels:description: List of default labels to assign to docker
+prometheus_default_labels: []
+
+# @var prometheus_extra_labels:description: List of extra labels to assign to docker
+prometheus_extra_labels: []
+
+# @var prometheus_default_folders:description: List of default folders to create
+prometheus_default_folders:
+  - /etc/prometheus
+  - /etc/prometheus/rules
+  - /var/lib/prometheus
+
+# @var prometheus_extra_folders:description: List of extra folders to create
+# @var prometheus_extra_folders:example: >
+# prometheus_extra_folders:
+#   - /path/to/host/folder1
+#   - /path/to/host/folder2
+#   - /path/to/host/folder3
+# @end
+prometheus_extra_folders: []
+
+# @var prometheus_default_volumes:description: List of default volumes to mount for docker
+prometheus_default_volumes:
+  - /var/lib/prometheus:/var/lib/prometheus
+  - /etc/prometheus/rules:/etc/prometheus/rules
+
+# @var prometheus_extra_volumes:description: List of extra volumes to mount for docker
+# @var prometheus_extra_volumes:example: >
+# prometheus_extra_volumes:
+#   - /path/to/host/folder1:/path/within/container1
+#   - /path/to/host/folder2:/path/within/container2
+#   - /path/to/host/folder3:/path/within/container3
+# @end
+prometheus_extra_volumes: []
+
 # @var prometheus_domain:description: Domain for external access
 # @var prometheus_domain:example: $ "https://prometheus.example.com"
 prometheus_domain:
@@ -102,8 +160,34 @@ prometheus_oauth2_version: 7.4.0
 # @var prometheus_oauth2_enabled:description: URL of the OAuth2 Proxy to download
 prometheus_oauth2_download: "https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v{{ prometheus_oauth2_version }}/oauth2-proxy-v{{ prometheus_oauth2_version }}.linux-amd64.tar.gz"
 
+# @var prometheus_image:description: Docker image to use for deployment on OAuth2 Proxy
+prometheus_oauth2_image: "quay.io/oauth2-proxy/oauth2-proxy:v{{ prometheus_oauth2_version }}"
+
+# @var prometheus_network:description: Optional docker network to attach on OAuth2 Proxy
+prometheus_oauth2_network: "{{ prometheus_network }}"
+
+# @var prometheus_oauth2_default_publish:description: List of default port publishing for docker on OAuth2 Proxy
+# @var prometheus_oauth2_default_publish:example: >
+# prometheus_oauth2_default_publish:
+#   - 127.0.0.1:9089:9089
+# @end
+prometheus_oauth2_default_publish: []
+
+# @var prometheus_oauth2_extra_publish:description: List of extra port publishing for docker on OAuth2 Proxy
+# @var prometheus_oauth2_extra_publish:example: >
+# prometheus_oauth2_extra_publish:
+#   - 127.0.0.1:9089:9089
+# @end
+prometheus_oauth2_extra_publish: []
+
+# @var prometheus_oauth2_default_labels:description: List of default labels to assign to docker on OAuth2 Proxy
+prometheus_oauth2_default_labels: []
+
+# @var prometheus_oauth2_extra_labels:description: List of extra labels to assign to docker on OAuth2 Proxy
+prometheus_oauth2_extra_labels: []
+
 # @var prometheus_oauth2_upstream:description: Upstream target for the OAuth2 proxy
-prometheus_oauth2_upstream: "http://{{ prometheus_listen_address }}"
+prometheus_oauth2_upstream: "http://{{ prometheus_listen_address if prometheus_installation == 'native' else 'prometheus:9090' }}"
 
 # @var prometheus_oauth2_listen_address:description: Listem address for the OAuth2 proxy
 prometheus_oauth2_listen_address: 0.0.0.0:9089

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,6 +1,8 @@
 # Standards: 1.2
 ---
 - name: Create system group
+  when:
+    - prometheus_installation == 'native'
   group:
     name: prometheus
     system: True
@@ -9,6 +11,8 @@
     - prometheus
 
 - name: Create system user
+  when:
+    - prometheus_installation == 'native'
   user:
     name: prometheus
     group: prometheus
@@ -21,32 +25,20 @@
   tags:
     - prometheus
 
-- name: Create config directories
-  loop:
-    - /etc/prometheus
-    - /etc/prometheus/rules
+- name: Create required directories
+  loop: "{{ prometheus_default_folders + prometheus_extra_folders }}"
   file:
     path: "{{ item }}"
-    owner: prometheus
-    group: prometheus
-    mode: u=rwx,g=rx,o=rx
-    state: directory
-  tags:
-    - prometheus
-
-- name: Create state directories
-  loop:
-    - /var/lib/prometheus
-  file:
-    path: "{{ item }}"
-    owner: prometheus
-    group: prometheus
+    owner: "{{ 'prometheus' if prometheus_installation == 'native' else 'nobody' }}"
+    group: "{{ 'prometheus' if prometheus_installation == 'native' else 'nogroup' }}"
     mode: u=rwx,g=rx,o=rx
     state: directory
   tags:
     - prometheus
 
 - name: Check existing install
+  when:
+    - prometheus_installation == 'native'
   register: prometheus_version_check
   failed_when: False
   changed_when: False
@@ -56,13 +48,17 @@
     - prometheus
 
 - name: Fact version change
+  when:
+    - prometheus_installation == 'native'
   set_fact:
     prometheus_version_changed: "{{ prometheus_version_check.rc != 0 or (prometheus_version_check.stdout_lines is defined and prometheus_version not in prometheus_version_check.stdout_lines[0]) | bool }}"
   tags:
     - prometheus
 
 - name: Download release tarball
-  when: prometheus_version_changed
+  when:
+    - prometheus_installation == 'native'
+    - prometheus_version_changed
   notify:
     - Restart prometheus
   unarchive:
@@ -75,7 +71,10 @@
     - prometheus
 
 - name: Sync libraries folder
-  when: prometheus_version_changed and not ansible_check_mode
+  when:
+    - prometheus_installation == 'native'
+    - prometheus_version_changed
+    - not ansible_check_mode
   notify:
     - Restart prometheus
   delegate_to: "{{ inventory_hostname }}"
@@ -88,7 +87,10 @@
     - prometheus
 
 - name: Fix libraries owner
-  when: prometheus_version_changed and not ansible_check_mode
+  when:
+    - prometheus_installation == 'native'
+    - prometheus_version_changed
+    - not ansible_check_mode
   notify:
     - Restart prometheus
   file:
@@ -100,7 +102,10 @@
     - prometheus
 
 - name: Sync consoles folder
-  when: prometheus_version_changed and not ansible_check_mode
+  when:
+    - prometheus_installation == 'native'
+    - prometheus_version_changed
+    - not ansible_check_mode
   notify:
     - Restart prometheus
   delegate_to: "{{ inventory_hostname }}"
@@ -113,7 +118,10 @@
     - prometheus
 
 - name: Fix consoles owner
-  when: prometheus_version_changed and not ansible_check_mode
+  when:
+    - prometheus_installation == 'native'
+    - prometheus_version_changed
+    - not ansible_check_mode
   notify:
     - Restart prometheus
   file:
@@ -125,7 +133,10 @@
     - prometheus
 
 - name: Copy downloaded binaries
-  when: prometheus_version_changed and not ansible_check_mode
+  when:
+    - prometheus_installation == 'native'
+    - prometheus_version_changed
+    - not ansible_check_mode
   notify:
     - Restart prometheus
   loop:
@@ -142,6 +153,8 @@
     - prometheus
 
 - name: Drop tsdb binary
+  when:
+    - prometheus_installation == 'native'
   file:
     path: /usr/bin/tsdb
     state: absent
@@ -154,8 +167,8 @@
   template:
     src: config.j2
     dest: /etc/prometheus/config.yml
-    owner: prometheus
-    group: prometheus
+    owner: "{{ 'prometheus' if prometheus_installation == 'native' else 'nobody' }}"
+    group: "{{ 'prometheus' if prometheus_installation == 'native' else 'nogroup' }}"
     mode: u=rw,g=r,o=r
   tags:
     - prometheus
@@ -256,6 +269,8 @@
     - prometheus
 
 - name: Remove install directory
+  when:
+    - prometheus_installation == 'native'
   file:
     path: "/usr/local/src/prometheus-{{ prometheus_version }}.linux-amd64"
     state: absent

diff --git a/tasks/oauth2.yml b/tasks/oauth2.yml
@@ -13,6 +13,8 @@
     - oauth2
 
 - name: Check existing install
+  when:
+    - prometheus_installation == 'native'
   register: prometheus_oauth2_version_check
   failed_when: False
   changed_when: False
@@ -23,14 +25,18 @@
     - oauth2
 
 - name: Fact version change
+  when:
+    - prometheus_installation == 'native'
   set_fact:
     prometheus_oauth2_version_changed: "{{ prometheus_oauth2_version_check.rc != 0 or (prometheus_oauth2_version_check.stdout_lines is defined and prometheus_oauth2_version not in prometheus_oauth2_version_check.stdout_lines[0]) | bool }}"
   tags:
     - prometheus
     - oauth2
 
 - name: Download release tarball
-  when: prometheus_oauth2_version_changed
+  when:
+    - prometheus_installation == 'native'
+    - prometheus_oauth2_version_changed
   unarchive:
     src: "{{ prometheus_oauth2_download }}"
     dest: /usr/local/src
@@ -42,7 +48,10 @@
     - oauth2
 
 - name: Copy oauth2 binary
-  when: prometheus_oauth2_version_changed and not ansible_check_mode
+  when:
+    - prometheus_installation == 'native'
+    - prometheus_oauth2_version_changed
+    - not ansible_check_mode
   notify:
     - Restart prometheus-oauth2
   copy:
@@ -68,9 +77,9 @@
     name: "{{ item.username }}"
     password: "{{ item.password }}"
     crypt_scheme: bcrypt
-    owner: prometheus
-    group: prometheus
-    mode: u=rw,g=r,o=
+    owner: "{{ 'prometheus' if prometheus_installation == 'native' else 'nobody' }}"
+    group: "{{ 'prometheus' if prometheus_installation == 'native' else 'nogroup' }}"
+    mode: "{{ 'u=rw,g=r,o=' if prometheus_installation == 'native' else 'u=rw,g=r,o=r' }}"
     state: "{{ item.state | default('present') }}"
   tags:
     - prometheus
@@ -114,6 +123,8 @@
     - oauth2
 
 - name: Remove install directory
+  when:
+    - prometheus_installation == 'native'
   file:
     path: "/usr/local/src/oauth2-proxy-v{{ prometheus_oauth2_version }}.linux-amd64"
     state: absent

diff --git a/templates/default.j2 b/templates/default.j2
@@ -1 +1,3 @@
+{% if prometheus_installation == 'native' %}
 ARGS="--config.file=/etc/prometheus/config.yml --web.external-url={{ prometheus_domain }} --web.enable-lifecycle --web.enable-admin-api --web.console.templates=/etc/prometheus/consoles --web.console.libraries=/etc/prometheus/console_libraries --storage.tsdb.path=/var/lib/prometheus{{ ' --storage.tsdb.retention.time=' + prometheus_tsdb_retention_time if prometheus_tsdb_retention_time | default(False) else '' }}{{ ' --storage.tsdb.retention.size=' + prometheus_tsdb_retention_size if prometheus_tsdb_retention_size | default(False) else '' }} --web.listen-address={{ prometheus_listen_address }}"
+{% endif %}